For help, email [email protected]

The Automated Infrastructure Compliance Framework is an open-source integrated pipeline for deploying and monitoring infrastructure. Specific features include:

• Pre-deployment policy checking using Open Policy Agent
• Post-deployment AWS/Azure drift detection using Fugue.co
• Terraform for Infrastructure-as-Code deployments

This GitHub Action executes an AICF run which runs a pre-deployment policy check against one's terraform infrastructure as code, deploys the terraform code in a cloud provider (aws, azure or gcp) and enables drifit detection upon completion of cloud resource build out. One glaring feature, not yet available, is the capability to manually trigger an action.

We've worked around this by specifying the action trigger in the example workflow on a push to a non-default branch, i.e. "deployment". Therefore your "master" branch won't clutter with commits that are used to trigger actions.

Please ensure all of your Terraform "*.tf" files are in a repo top level folder called terraform.

To gain a better understanding of the AICF and how it can be an effective in tool for your organization, please visit: https://newlighttechnologies.com/cybersecurity-services.

Required Terraform sub command to run.

Required Cloud provider TF will deploy to.

Required Working directory of terraform files in relation to top level repo directory. Default terraform.

Required Sha256 hash of TF binary. Default 5ce5834fd74e3368ad7bdaac847f973e66e61acae469ee86b88da4c6d9f933d4.

Required TF version. Default 0.15.3.

Required Fugue scan interval in seconds. Default 86400.

Required Version of Regula binary, Default 0.8.0.

Required Version of Open Policy Agent. Default 0.28.0.

Required Terraform cloud token

Required Fugue Environement specific ID

Required Fugue Client ID

Required Fugue Client Secret

# This workflow is triggered on pushes to the repository's deployment branch.
name: Terraform-apply
on:
push:
    branches:
    - master
pull_request:
    branches: 
    - master

jobs:
build:
    # Job name is Run
    runs-on: ubuntu-latest
    name: Run
    steps:
    - name: Repo checkout
    uses: actions/checkout@v2
    - name: AICF GitHub Action
    uses: nltgit/[email protected]
    with:
        # tfcommands {apply or destroy}
        tfcommand: apply
        # cloudprovider {aws, azure, gps}
        cloudprovider: aws
        tf_workdir: "ecs-fargate"
        terraformcloudtoken: ${{ secrets.TF_API_TOKEN }}
        fugueenvironmentid: ${{ secrets.FUGUEENVIRONMENTID }}
        fugueclientid: ${{ secrets.FUGUECLIENTID }}
        fugueclientsecret: ${{ secrets.FUGUECLIENTSECRET }}
    env:
        TF_VAR_AWS_ACCESS_KEY: ${{ secrets.AWS_ACCESS_KEY_ID }}
        TF_VAR_AWS_SECRET_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        TF_VAR_POSTGRES_PASSWORD: ${{ secrets.POSTGRES_PASSWORD }}
        TF_VAR_DNS_ACCESS_KEY: ${{ secrets.DNS_ACCESS_KEY }}
        TF_VAR_DNS_SECRET_KEY: ${{ secrets.DNS_SECRET_KEY }}
        TF_VAR_DATASTORE_READONLY_PASSWORD: ${{ secrets.DATASTORE_READONLY_PASSWORD }}
        TF_VAR_CKAN_SMTP_USER: ${{ secrets.CKAN_SMTP_USER }}
        TF_VAR_CKAN_SMTP_PASSWORD: ${{ secrets.CKAN_SMTP_PASSWORD }}

1. Clone repo
2. Create new branch, make changes and commit and push to remote i.e. git push --set-upstream origin new-branch
3. Log into GitHub and create pull request to the master branch

New Light Technologies, Inc.
[email protected]